Re: ics and firewall

From: B. Switzer (bswitzer@myprivacy.ca)
Date: 02/11/03


From: "B. Switzer" <bswitzer@myprivacy.ca>
Date: Tue, 11 Feb 2003 09:26:20 -0500


"Mike" <spamlessmike@spamcop.net> wrote in message
news:ttvg4vka1q2pcmrctihtn32evng8jevhor@4ax.com...
> >> How can a SPI firewall device with no external open ports be hacked?
>
> >Here's two:
> >1. Software Bugs
> >2. Trojan Horses / Virii.
>
> 1. Do you know of any past/recent bugs that caused an SPI firewall
> device to be compromised? I'd like to know more about it.
> 2. What if different systems and methods are in place that block/nuke
> these things at multiple points locally (and remotely)?
>
> Mike

I don't have stats or references for you; I haven't been looking or
tracking. But any time there's a BIOS / firmware / software or other
update, it's usually not just for bug fixing but for security bug fixing as
well.

2. goes back to what many have said here: security is more than just a
firewall. If we just consider security, then I think saying that something
like ZoneAlarm to block outgoing as well is necessary isn't unreasonable.
The trick is to make the redundancies contributory, not redundant, i.e. a
second firewall just checks things twice pointlessly, but only permitting
certain things out is not something that a hardware firewall checks.

Not everyone is computer savvy; that's why such products exist. Nor should
they have to be. Inevitably someone will inadvertently get something that
phones home. Call it Trojan, spyware, adware, or whatever; even
reasonable people will do it inadvertently. Thus the need for a firewall,
security, virus software, and everything else.

It's a nasty world out there, something I don't think is going to change any
time soon.


